- This topic has 5 replies, 3 voices, and was last updated 10 years, 10 months ago by support-michael.
Code_A (Member)
I am working on an app that will allow my customers to access data through a web service after their login credentials have been verified. I would like to make sure the information is secure as it is passed back and forth. I have an SSL in place on my web server to establish secure connections (https) for my web pages.
Do I need any additional SSL or security layer within my app, or does making my ajax requests to my https addresses provide that same level of security to my mobile users?
Thanks for the reply. I want to make sure my app is secure.
support-michael (Keymaster)
I have referred this question to the dev team for additional review. My understanding is yes, you can use an ajax call to an https resource/web service. A Google search identified issues where the web server uses a self-signed certificate.
Code_A (Member)
Any update on this? Security is not my strong suit so I would like to know what I need to do on my end to protect my customer’s data.
Thanks!
support-octavio (Member)
Hi Code A,
The dev team agreed with Michael’s answer.
Code_A (Member)
@support-michael wrote:
A google search identified issues where the web server uses a self-signed certificate.
Can you please explain further? I am not sure I understand this comment.
Thanks!
support-michael (Keymaster)
I know just enough to be dangerous – so don’t quote me on anything I say here on…
For SSL connections the encryption algorithm uses public/private keys to sign (encode) and decode messages passed back and forth between the server and a client. Some sites will create their own certificate (see self-signed cert) rather than purchase one that is signed by a certificate authority such as GoDaddy. My understanding is that if your server uses a self-signed cert, you may experience issues with secure ajax connections to hosted web services. I found references to Google and our dev team also indicated you might have issues. I would try a small prototype and see if you can connect. If not, Google up solutions such as the zillion threads on Stack Overflow.
Good luck, man!
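Added example, not part of the original thread: a shell sketch of the self-signed certificate issue discussed above, showing that a verifying client rejects such a certificate until it is explicitly installed as a trust anchor. It assumes the `openssl` command-line tool is installed; the host name `api.example.test` and the file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: why a verifying HTTPS client rejects a self-signed certificate.
# Host name and file names below are constructed for this demo.

# Create a throwaway self-signed certificate (it is its own issuer) in dir $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=api.example.test" \
        -keyout "$1/self.key" -out "$1/self.pem" >/dev/null 2>&1
}

# Succeeds when subject and issuer are the same name: no CA vouched for it.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Print "trusted" or "rejected" the way a verifying client decides.
# $1 = certificate, optional $2 = extra CA file the client was told to trust.
client_verdict() {
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>/dev/null) || true
    else
        out=$(openssl verify "$1" 2>/dev/null) || true
    fi
    case $out in
        *": OK") echo trusted ;;
        *)       echo rejected ;;
    esac
}

demo() {
    dir=$(mktemp -d) && make_self_signed "$dir" || return 1
    is_self_signed "$dir/self.pem" && echo "self-signed: yes"
    echo "default trust store:  $(client_verdict "$dir/self.pem")"
    echo "cert added as anchor: $(client_verdict "$dir/self.pem" "$dir/self.pem")"
    rm -rf "$dir"
}
demo
```

A certificate issued by a public certificate authority would pass the first check without any change on the client, which is why the prototype suggested above is a quick way to find out which case a given server falls into.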